Docs Home
Oracle Cloud Infrastructure v2.33.0 published on Thursday, May 1, 2025 by Pulumi
oci.Kms.GeneratedKey
Explore with Pulumi AI
This resource provides the Generated Key resource in Oracle Cloud Infrastructure Kms service.
Generates a key that you can use to encrypt or decrypt data.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testGeneratedKey = new oci.kms.GeneratedKey("test_generated_key", {
cryptoEndpoint: generatedKeyCryptoEndpoint,
includePlaintextKey: generatedKeyIncludePlaintextKey,
keyId: testKey.id,
keyShape: {
algorithm: generatedKeyKeyShapeAlgorithm,
length: generatedKeyKeyShapeLength,
curveId: testCurve.id,
},
associatedData: generatedKeyAssociatedData,
loggingContext: generatedKeyLoggingContext,
});
import pulumi
import pulumi_oci as oci
test_generated_key = oci.kms.GeneratedKey("test_generated_key",
crypto_endpoint=generated_key_crypto_endpoint,
include_plaintext_key=generated_key_include_plaintext_key,
key_id=test_key["id"],
key_shape={
"algorithm": generated_key_key_shape_algorithm,
"length": generated_key_key_shape_length,
"curve_id": test_curve["id"],
},
associated_data=generated_key_associated_data,
logging_context=generated_key_logging_context)
package main
import (
"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := kms.NewGeneratedKey(ctx, "test_generated_key", &kms.GeneratedKeyArgs{
CryptoEndpoint: pulumi.Any(generatedKeyCryptoEndpoint),
IncludePlaintextKey: pulumi.Any(generatedKeyIncludePlaintextKey),
KeyId: pulumi.Any(testKey.Id),
KeyShape: &kms.GeneratedKeyKeyShapeArgs{
Algorithm: pulumi.Any(generatedKeyKeyShapeAlgorithm),
Length: pulumi.Any(generatedKeyKeyShapeLength),
CurveId: pulumi.Any(testCurve.Id),
},
AssociatedData: pulumi.Any(generatedKeyAssociatedData),
LoggingContext: pulumi.Any(generatedKeyLoggingContext),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testGeneratedKey = new Oci.Kms.GeneratedKey("test_generated_key", new()
{
CryptoEndpoint = generatedKeyCryptoEndpoint,
IncludePlaintextKey = generatedKeyIncludePlaintextKey,
KeyId = testKey.Id,
KeyShape = new Oci.Kms.Inputs.GeneratedKeyKeyShapeArgs
{
Algorithm = generatedKeyKeyShapeAlgorithm,
Length = generatedKeyKeyShapeLength,
CurveId = testCurve.Id,
},
AssociatedData = generatedKeyAssociatedData,
LoggingContext = generatedKeyLoggingContext,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Kms.GeneratedKey;
import com.pulumi.oci.Kms.GeneratedKeyArgs;
import com.pulumi.oci.Kms.inputs.GeneratedKeyKeyShapeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testGeneratedKey = new GeneratedKey("testGeneratedKey", GeneratedKeyArgs.builder()
.cryptoEndpoint(generatedKeyCryptoEndpoint)
.includePlaintextKey(generatedKeyIncludePlaintextKey)
.keyId(testKey.id())
.keyShape(GeneratedKeyKeyShapeArgs.builder()
.algorithm(generatedKeyKeyShapeAlgorithm)
.length(generatedKeyKeyShapeLength)
.curveId(testCurve.id())
.build())
.associatedData(generatedKeyAssociatedData)
.loggingContext(generatedKeyLoggingContext)
.build());
}
}
resources:
testGeneratedKey:
type: oci:Kms:GeneratedKey
name: test_generated_key
properties:
cryptoEndpoint: ${generatedKeyCryptoEndpoint}
includePlaintextKey: ${generatedKeyIncludePlaintextKey}
keyId: ${testKey.id}
keyShape:
algorithm: ${generatedKeyKeyShapeAlgorithm}
length: ${generatedKeyKeyShapeLength}
curveId: ${testCurve.id}
associatedData: ${generatedKeyAssociatedData}
loggingContext: ${generatedKeyLoggingContext}
Create GeneratedKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GeneratedKey(name: string, args: GeneratedKeyArgs, opts?: CustomResourceOptions);@overload
def GeneratedKey(resource_name: str,
args: GeneratedKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GeneratedKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
crypto_endpoint: Optional[str] = None,
include_plaintext_key: Optional[bool] = None,
key_id: Optional[str] = None,
key_shape: Optional[GeneratedKeyKeyShapeArgs] = None,
associated_data: Optional[Mapping[str, str]] = None,
logging_context: Optional[Mapping[str, str]] = None)func NewGeneratedKey(ctx *Context, name string, args GeneratedKeyArgs, opts ...ResourceOption) (*GeneratedKey, error)public GeneratedKey(string name, GeneratedKeyArgs args, CustomResourceOptions? opts = null)
public GeneratedKey(String name, GeneratedKeyArgs args)
public GeneratedKey(String name, GeneratedKeyArgs args, CustomResourceOptions options)
type: oci:Kms:GeneratedKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GeneratedKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GeneratedKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GeneratedKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GeneratedKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GeneratedKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var generatedKeyResource = new Oci.Kms.GeneratedKey("generatedKeyResource", new()
{
CryptoEndpoint = "string",
IncludePlaintextKey = false,
KeyId = "string",
KeyShape = new Oci.Kms.Inputs.GeneratedKeyKeyShapeArgs
{
Algorithm = "string",
Length = 0,
CurveId = "string",
},
AssociatedData =
{
{ "string", "string" },
},
LoggingContext =
{
{ "string", "string" },
},
});
example, err := kms.NewGeneratedKey(ctx, "generatedKeyResource", &kms.GeneratedKeyArgs{
CryptoEndpoint: pulumi.String("string"),
IncludePlaintextKey: pulumi.Bool(false),
KeyId: pulumi.String("string"),
KeyShape: &kms.GeneratedKeyKeyShapeArgs{
Algorithm: pulumi.String("string"),
Length: pulumi.Int(0),
CurveId: pulumi.String("string"),
},
AssociatedData: pulumi.StringMap{
"string": pulumi.String("string"),
},
LoggingContext: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var generatedKeyResource = new GeneratedKey("generatedKeyResource", GeneratedKeyArgs.builder()
.cryptoEndpoint("string")
.includePlaintextKey(false)
.keyId("string")
.keyShape(GeneratedKeyKeyShapeArgs.builder()
.algorithm("string")
.length(0)
.curveId("string")
.build())
.associatedData(Map.of("string", "string"))
.loggingContext(Map.of("string", "string"))
.build());
generated_key_resource = oci.kms.GeneratedKey("generatedKeyResource",
crypto_endpoint="string",
include_plaintext_key=False,
key_id="string",
key_shape={
"algorithm": "string",
"length": 0,
"curve_id": "string",
},
associated_data={
"string": "string",
},
logging_context={
"string": "string",
})
const generatedKeyResource = new oci.kms.GeneratedKey("generatedKeyResource", {
cryptoEndpoint: "string",
includePlaintextKey: false,
keyId: "string",
keyShape: {
algorithm: "string",
length: 0,
curveId: "string",
},
associatedData: {
string: "string",
},
loggingContext: {
string: "string",
},
});
type: oci:Kms:GeneratedKey
properties:
associatedData:
string: string
cryptoEndpoint: string
includePlaintextKey: false
keyId: string
keyShape:
algorithm: string
curveId: string
length: 0
loggingContext:
string: string
GeneratedKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GeneratedKey resource accepts the following input properties:
- Crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- Include
Plaintext boolKey - If true, the generated key is also returned unencrypted.
- Key
Id string - The OCID of the master encryption key to encrypt the generated data encryption key with.
- Key
Shape GeneratedKey Key Shape - The cryptographic properties of a key.
- Associated
Data Dictionary<string, string> - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- Logging
Context Dictionary<string, string> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- Include
Plaintext boolKey - If true, the generated key is also returned unencrypted.
- Key
Id string - The OCID of the master encryption key to encrypt the generated data encryption key with.
- Key
Shape GeneratedKey Key Shape Args - The cryptographic properties of a key.
- Associated
Data map[string]string - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- Logging
Context map[string]string Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- crypto
Endpoint String - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext BooleanKey - If true, the generated key is also returned unencrypted.
- key
Id String - The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape GeneratedKey Key Shape - The cryptographic properties of a key.
- associated
Data Map<String,String> - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- logging
Context Map<String,String> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext booleanKey - If true, the generated key is also returned unencrypted.
- key
Id string - The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape GeneratedKey Key Shape - The cryptographic properties of a key.
- associated
Data {[key: string]: string} - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- logging
Context {[key: string]: string} Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- crypto_
endpoint str - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include_
plaintext_ boolkey - If true, the generated key is also returned unencrypted.
- key_
id str - The OCID of the master encryption key to encrypt the generated data encryption key with.
- key_
shape GeneratedKey Key Shape Args - The cryptographic properties of a key.
- associated_
data Mapping[str, str] - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- logging_
context Mapping[str, str] Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- crypto
Endpoint String - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext BooleanKey - If true, the generated key is also returned unencrypted.
- key
Id String - The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape Property Map - The cryptographic properties of a key.
- associated
Data Map<String> - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- logging
Context Map<String> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
Outputs
All input properties are implicitly available as output properties. Additionally, the GeneratedKey resource produces the following output properties:
- Ciphertext string
- The encrypted data encryption key generated from a master encryption key.
- Id string
- The provider-assigned unique ID for this managed resource.
- Plaintext string
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - Plaintext
Checksum string - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- Ciphertext string
- The encrypted data encryption key generated from a master encryption key.
- Id string
- The provider-assigned unique ID for this managed resource.
- Plaintext string
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - Plaintext
Checksum string - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- ciphertext String
- The encrypted data encryption key generated from a master encryption key.
- id String
- The provider-assigned unique ID for this managed resource.
- plaintext String
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - plaintext
Checksum String - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- ciphertext string
- The encrypted data encryption key generated from a master encryption key.
- id string
- The provider-assigned unique ID for this managed resource.
- plaintext string
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - plaintext
Checksum string - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- ciphertext str
- The encrypted data encryption key generated from a master encryption key.
- id str
- The provider-assigned unique ID for this managed resource.
- plaintext str
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - plaintext_
checksum str - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- ciphertext String
- The encrypted data encryption key generated from a master encryption key.
- id String
- The provider-assigned unique ID for this managed resource.
- plaintext String
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - plaintext
Checksum String - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
Look up Existing GeneratedKey Resource
Get an existing GeneratedKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GeneratedKeyState, opts?: CustomResourceOptions): GeneratedKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
associated_data: Optional[Mapping[str, str]] = None,
ciphertext: Optional[str] = None,
crypto_endpoint: Optional[str] = None,
include_plaintext_key: Optional[bool] = None,
key_id: Optional[str] = None,
key_shape: Optional[GeneratedKeyKeyShapeArgs] = None,
logging_context: Optional[Mapping[str, str]] = None,
plaintext: Optional[str] = None,
plaintext_checksum: Optional[str] = None) -> GeneratedKeyfunc GetGeneratedKey(ctx *Context, name string, id IDInput, state *GeneratedKeyState, opts ...ResourceOption) (*GeneratedKey, error)public static GeneratedKey Get(string name, Input<string> id, GeneratedKeyState? state, CustomResourceOptions? opts = null)public static GeneratedKey get(String name, Output<String> id, GeneratedKeyState state, CustomResourceOptions options)resources: _: type: oci:Kms:GeneratedKey get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Associated
Data Dictionary<string, string> - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- Ciphertext string
- The encrypted data encryption key generated from a master encryption key.
- Crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- Include
Plaintext boolKey - If true, the generated key is also returned unencrypted.
- Key
Id string - The OCID of the master encryption key to encrypt the generated data encryption key with.
- Key
Shape GeneratedKey Key Shape - The cryptographic properties of a key.
- Logging
Context Dictionary<string, string> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Plaintext string
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - Plaintext
Checksum string - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- Associated
Data map[string]string - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- Ciphertext string
- The encrypted data encryption key generated from a master encryption key.
- Crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- Include
Plaintext boolKey - If true, the generated key is also returned unencrypted.
- Key
Id string - The OCID of the master encryption key to encrypt the generated data encryption key with.
- Key
Shape GeneratedKey Key Shape Args - The cryptographic properties of a key.
- Logging
Context map[string]string Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Plaintext string
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - Plaintext
Checksum string - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- associated
Data Map<String,String> - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- ciphertext String
- The encrypted data encryption key generated from a master encryption key.
- crypto
Endpoint String - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext BooleanKey - If true, the generated key is also returned unencrypted.
- key
Id String - The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape GeneratedKey Key Shape - The cryptographic properties of a key.
- logging
Context Map<String,String> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- plaintext String
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - plaintext
Checksum String - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- associated
Data {[key: string]: string} - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- ciphertext string
- The encrypted data encryption key generated from a master encryption key.
- crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext booleanKey - If true, the generated key is also returned unencrypted.
- key
Id string - The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape GeneratedKey Key Shape - The cryptographic properties of a key.
- logging
Context {[key: string]: string} Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- plaintext string
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - plaintext
Checksum string - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- associated_
data Mapping[str, str] - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- ciphertext str
- The encrypted data encryption key generated from a master encryption key.
- crypto_
endpoint str - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include_
plaintext_ boolkey - If true, the generated key is also returned unencrypted.
- key_
id str - The OCID of the master encryption key to encrypt the generated data encryption key with.
- key_
shape GeneratedKey Key Shape Args - The cryptographic properties of a key.
- logging_
context Mapping[str, str] Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- plaintext str
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - plaintext_
checksum str - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- associated
Data Map<String> - Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- ciphertext String
- The encrypted data encryption key generated from a master encryption key.
- crypto
Endpoint String - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext BooleanKey - If true, the generated key is also returned unencrypted.
- key
Id String - The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape Property Map - The cryptographic properties of a key.
- logging
Context Map<String> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- plaintext String
- The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true". - plaintext
Checksum String - The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
Supporting Types
GeneratedKeyKeyShape, GeneratedKeyKeyShapeArgs
- Algorithm string
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
Externalkeys. - Length int
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- Curve
Id string - Supported curve IDs for ECDSA keys.
- Algorithm string
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
Externalkeys. - Length int
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- Curve
Id string - Supported curve IDs for ECDSA keys.
- algorithm String
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
Externalkeys. - length Integer
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- curve
Id String - Supported curve IDs for ECDSA keys.
- algorithm string
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
Externalkeys. - length number
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- curve
Id string - Supported curve IDs for ECDSA keys.
- algorithm str
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
Externalkeys. - length int
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- curve_
id str - Supported curve IDs for ECDSA keys.
- algorithm String
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
Externalkeys. - length Number
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- curve
Id String - Supported curve IDs for ECDSA keys.
Import
Import is not supported for this resource.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
ociTerraform Provider.